On Tue, 2 Apr 2019, Valery Smyslov wrote:
and define a default key length for the case when it is absent (e.g. 256 bits).
Do not do this. There are broken implementations and interop issues on this already by broken clients who don't send or omit to send KEY_LENGTH (old versions of us included).
It'll allow us to save few bytes by omitting attribute for most common cases.
Not worth it. Paul _______________________________________________ IPsec mailing list [email protected] https://www.ietf.org/mailman/listinfo/ipsec
